Mercurial > libervia-web
view libervia/pages/merge-requests/edit/page_meta.py @ 1283:436ef2ad92af
pages: moved CSRF checking code to a separate method:
`checkCSRF` can now be used to check CSRF, and the token can be put in `X-Csrf-Token`
header.
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 19 Jun 2020 16:47:51 +0200 |
parents | f511f8fbbf8a |
children | 04e7dd6b6f4d |
line wrap: on
line source
#!/usr/bin/env python3 from libervia.server.constants import Const as C from sat.core.i18n import _ from twisted.internet import defer from sat.tools.common import template_xmlui from sat.tools.common import data_format from sat.core.log import getLogger """merge-requests edition""" name = "merge-requests_edit" access = C.PAGES_ACCESS_PROFILE template = "merge-request/edit.html" log = getLogger(__name__) def parse_url(self, request): try: item_id = self.nextPath(request) except IndexError: log.warning(_("no ticket id specified")) self.pageError(request, C.HTTP_BAD_REQUEST) data = self.getRData(request) data["ticket_id"] = item_id @defer.inlineCallbacks def prepare_render(self, request): data = self.getRData(request) template_data = request.template_data service, node, ticket_id = ( data.get("service", ""), data.get("node", ""), data["ticket_id"], ) profile = self.getProfile(request) ignore = ( "publisher", "author", "author_jid", "author_email", "created", "updated", "comments_uri", "request_data", "type", ) tickets = yield self.host.bridgeCall( "mergeRequestsGet", service.full() if service else "", node, C.NO_LIMIT, [ticket_id], "", {}, profile, ) ticket = [template_xmlui.create(self.host, x, ignore=ignore) for x in tickets[0]][0] try: # small trick to get a one line text input instead of the big textarea ticket.widgets["labels"].type = "string" ticket.widgets["labels"].value = ticket.widgets["labels"].value.replace( "\n", ", " ) except KeyError: pass # same as tickets_edit wid = ticket.widgets['body'] if wid.type == "xhtmlbox": wid.type = "textbox" wid.value = yield self.host.bridgeCall( "syntaxConvert", wid.value, C.SYNTAX_XHTML, "markdown", False, profile) template_data["new_ticket_xmlui"] = ticket @defer.inlineCallbacks def on_data_post(self, request): data = self.getRData(request) service = data["service"] node = data["node"] ticket_id = data["ticket_id"] posted_data = self.getAllPostedData(request) if not posted_data["title"] or not posted_data["body"]: self.pageError(request, C.HTTP_BAD_REQUEST) try: posted_data["labels"] = [l.strip() for l in posted_data["labels"][0].split(",")] except (KeyError, IndexError): pass profile = self.getProfile(request) # we convert back body to XHTML body = yield self.host.bridgeCall( "syntaxConvert", posted_data['body'][0], "markdown", C.SYNTAX_XHTML, False, profile) posted_data['body'] = ['<div xmlns="{ns}">{body}</div>'.format(ns=C.NS_XHTML, body=body)] extra = {'update': True} yield self.host.bridgeCall( "mergeRequestSet", service.full(), node, "", "auto", posted_data, "", ticket_id, data_format.serialise(extra), profile, ) # we don't want to redirect to edit page on success, but to tickets list data["post_redirect_page"] = ( self.getPageByName("merge-requests"), service.full(), node or "@", )